CVE-2019-14726

CVE-2019-14726 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference that allows an attacker with an attacker account to access and delete DNS records belonging to a victim’s account. Root cause appears to be insufficient access validation for DNS management objects. Repor...

CVE-2019-14726

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...

CVE-2019-14723

CVE-2019-14723 affects CentOS Web Panel 0.9.8.851 (CWP). The flaw is an insecure object reference that lets an attacker with an attacker account delete a victim’s e-mail account. Root cause is insufficient access control/object reference handling within the CWP email management flow. Documented i...

CVE-2019-14723

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account...

CVE-2019-14722

CVE-2019-14722 affects CentOS Web Panel 0.9.8.851. The vulnerability is an insecure object reference in the email forwarding management that allows an attacker with an attacker account to delete an email forwarding destination belonging to a victim’s account. The connected documents confirm the a...

CVE-2019-14722

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...

CVE-2019-14721

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...

CVE-2019-14721

CVE-2019-14721 affects CentOS Web Panel (CWP) 0.9.8.851. The vulnerability is described as an insecure object reference that lets an attacker with an attacker account remove a target user from phpMyAdmin. Multiple sources (Red Hat CVE entry, CNVD aggregations) corroborate the impact of removing o...

PT-2019-4387 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to access and delete DNS records of a victim's account via an attacker account due to an insecure object reference. This is caused by insufficient input validation,...

PT-2019-4386 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to delete a victim's e-mail account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be...

PT-2019-4388 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to change the e-mail password of a victim account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which...

PT-2019-13802 · Php +1 · Phpmyadmin +1

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to remove a target user from phpMyAdmin via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.851, consider restricting...

PT-2019-4644 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a domain from a user's account. This can be achieved by an attacker using their own...

PT-2019-4390 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a sub-domain from a user's account. This can be achieved by an attacker using their...

PT-2019-13803 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.85...

PT-2019-4389 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue is related to an insecure object reference in CentOS Web Panel, which allows an attacker to add an e-mail forwarding destination to a victim's account. This is due to insufficient inpu...

CVE-2016-10930

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

Design/Logic Flaw

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

CVE-2016-10930

The CVE-2016-10930 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System. Affected component: the wp-support-plus-responsive-ticket-system plugin for WordPress. Root cause: insecure direct object reference via a ticket number in the plugin prior to version 7.1.0. Impact: po...

CVE-2016-10930

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...